🏷️ Troubleshoot services and networking

Check cilium proxy traffic

ᐅ sudo tcpdump -i cilium_vxlan

VXLAN

  • VXLAN, or Virtual Extensible LAN, is a network virtualization technology designed to address the scalability limitations of traditional VLANs, particularly in large-scale data centers and cloud environments. It operates at Layer 2 (Data Link Layer) but enables the creation of virtual Layer 2 networks that can span across Layer 3 (IP) networks, effectively creating logical, isolated network segments over a shared physical infrastructure.

  • The core function of VXLAN is to encapsulate entire Ethernet frames (Layer 2) within UDP packets (Layer 4), which are then transmitted over an IP network (Layer 3). This process, known as MAC-in-UDP encapsulation, allows Layer 2 traffic to be transported across a Layer 3 network, overcoming the physical and logical boundaries of traditional VLANs. The encapsulation adds a VXLAN header (8 bytes) and a UDP header (8 bytes) to the original frame, with the VXLAN header containing a 24-bit VXLAN Network Identifier (VNI). This VNI serves as a unique identifier for each virtual network segment, enabling up to 16 million distinct virtual networks, a significant improvement over the 4,094 usable IDs of traditional VLANs.

  • VXLAN is implemented using VXLAN Tunnel Endpoints (VTEPs), which are the devices responsible for encapsulating outgoing frames into VXLAN packets and decapsulating incoming VXLAN packets back into their original Ethernet frames. VTEPs can be physical switches, virtual switches, or host-based software. The logical tunnel established between VTEPs allows for the creation of a large, virtual Layer 2 switch, which is essential for enabling dynamic virtual machine (VM) migration without changing the VM’s IP address or disrupting ongoing sessions. This capability is critical for modern cloud computing, where workloads need to be moved efficiently between physical hosts for load balancing and maintenance.

  • VXLAN is a key component of Network Virtualization over Layer 3 (NVO3) technologies and is standardized in RFC 7348. It is widely adopted as the mainstream technology for constructing modern data center networks due to its ability to support multi-tenancy, provide high scalability, and facilitate seamless workload mobility. While VXLAN itself does not provide encryption, it can be combined with other security protocols to enhance network privacy. The technology is supported by major vendors like Huawei, Juniper, and VMware, and is often deployed in conjunction with technologies like EVPN (Ethernet VPN) to manage the control plane for VXLAN networks.
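To make the header layout above concrete, here is an added example (not from this page or the Cilium project) that builds and parses the VXLAN UDP payload the way the tcpdump capture on cilium_vxlan would show it. It assumes the outer Ethernet/IP/UDP headers have already been stripped (IANA port 4789; Linux's default 8472 is what Cilium uses); MACs and payload are constructed placeholders.

```python
"""Minimal VXLAN (RFC 7348) encapsulation / decapsulation. Added example."""
import struct
from collections import Counter
from dataclasses import dataclass

VXLAN_HDR_LEN = 8      # flags(1) reserved(3) VNI(3) reserved(1)
ETH_HDR_LEN = 14       # dst MAC(6) src MAC(6) EtherType(2)
FLAG_VNI_VALID = 0x08  # the "I" flag: the VNI field is valid
MAX_VNI = (1 << 24) - 1


@dataclass
class VxlanFrame:
    vni: int
    dst_mac: str
    src_mac: str
    ethertype: int
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Build the UDP payload: 8-byte VXLAN header followed by the original Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!B3x3sx", FLAG_VNI_VALID, vni.to_bytes(3, "big"))
    return header + inner_frame


def decapsulate(udp_payload: bytes) -> VxlanFrame:
    """Parse the VXLAN header and the inner Ethernet header; reject malformed input."""
    if len(udp_payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    flags, vni_bytes = struct.unpack("!B3x3sx", udp_payload[:VXLAN_HDR_LEN])
    if not flags & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid, RFC 7348 says drop the frame")
    inner = udp_payload[VXLAN_HDR_LEN:]
    dst, src, ethertype = struct.unpack("!6s6sH", inner[:ETH_HDR_LEN])
    return VxlanFrame(int.from_bytes(vni_bytes, "big"), _mac(dst), _mac(src),
                      ethertype, inner[ETH_HDR_LEN:])


def vni_histogram(udp_payloads) -> Counter:
    """Frames per VNI: a quick triage of which overlay segments carry traffic."""
    return Counter(decapsulate(p).vni for p in udp_payloads)


# Constructed sample: IPv4 frame (EtherType 0x0800), placeholder MACs, dummy 20-byte payload.
SAMPLE_INNER = bytes.fromhex("0a0000000001" "0a0000000002" "0800") + b"\x45" + b"\x00" * 19
SAMPLE_VNI = 0x1234
SAMPLE_PACKET = encapsulate(SAMPLE_VNI, SAMPLE_INNER)
```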

Check service network

ᐅ k get cm -n kube-system kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' | yq -r .networking
{
  "dnsDomain": "cluster.local",
  "podSubnet": "10.244.0.0/24",
  "serviceSubnet": "10.96.0.0/16"
}

ᐅ k get servicecidrs.networking.k8s.io kubernetes -o jsonpath='{.spec.cidrs[]}'
10.96.0.0/16

ᐅ sudo grep service-cluster /etc/kubernetes/manifests -nri
/etc/kubernetes/manifests/kube-apiserver.yaml:39:    - --service-cluster-ip-range=10.96.0.0/16
/etc/kubernetes/manifests/kube-controller-manager.yaml:28:    - --service-cluster-ip-range=10.96.0.0/16

ᐅ k get svc -A -o jsonpath='{range .items[*]}{.metadata.name} {.spec.clusterIP}{"\n"}' | column -t
kubernetes      10.96.0.1
cilium-envoy    None
hubble-peer     10.96.51.19
hubble-relay    10.96.187.111
kube-dns        10.96.0.10
metrics-server  10.96.29.51